On Fri 2007-06-01 11:00:50, [EMAIL PROTECTED] wrote:
> On Fri, 1 Jun 2007, [EMAIL PROTECTED] wrote:
>
> >On Thu, 24 May 2007 14:47:27 -0000, Pavel Machek said:
> >>Yes, if there's significantly more remote bad guys than local bad
> >>guys, and if remote bad guys can't just get some local user first, AA
> >>still has some value.
> >
> >Experience over on the Windows side of the fence indicates that "remote bad
> >guys get some local user first" is a *MAJOR* part of the current real-world
> >threat model - the vast majority of successful attacks on end-user boxes
> >these
> >days start off with either "Get user to (click on link|open attachment)" or
> >"Subvert the path to a website (either by hacking the real site or
> >hijacking
> >the DNS) and deliver a drive-by fruiting when the user visits the page".
>
> and if your local non-root user can create a hard link to /etc/shadow and
> access it they own your box anyway (they can just set the root password to
> anything they want).
I think you need to look how unix security works:
[EMAIL PROTECTED]:/tmp$ ln /etc/shadow .
[EMAIL PROTECTED]:/tmp$ cat shadow
cat: shadow: Permission denied
[EMAIL PROTECTED]:/tmp$
Yes, regular users are permitted to hardlink shadow, no, it is not a
security hole, yes, it is a problem for AA.
Pavel
--
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures)
http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
